I find this situation insanely entertaining, is that wrong? It appears the initial vectors of attack were pretty straightforward; the social engineering aspect of it is almost ridiculous. The biggest portion of this attack that is so alarming is how many private companies, government agencies and foreign interests had some involvement with HBGary, and now they are suddenly exposed... the kinetic damage from the poor security practices by HBGary.

There have been a number of security companies pwned in the last few years. I'd be shocked if a number of the bigger companies wouldn't also be pwnable, especially when you count the SE attacks. The SE attacks aren't a pass/fail, it's a question of what percentage of the people will fall for it.

Making yourself the poster child of how not to run a security company, nice. If they ever recover, it's going to be a while and no steak is going to remove that black eye. The use of the same password across domains (company and internet) really kills me.

digitalsecurity4u wrote: Making yourself the poster child of how not to run a security company, nice.

I actually appreciate someone trying to take on Anonymous. Whether or not you support the cause that Anonymous stands for, what they are doing *is* illegal. And us supporting an "ends justify the means" approach is very dangerous.

If they ever recover, it's going to be a while and no steak is going to remove that black eye.

They are dead. My understanding is that they have two employees left.

The use of the same password across domains (company and internet) really kills me.

Yeah, not a great idea, but I can guarantee that they aren't the only security company doing it.

If they ever recover, it's going to be a while and no steak is going to remove that black eye.

They are dead. My understanding is that they have two employees left.

Aaron Barr has finally resigned. When you say only 2 employees left, is that just HBGary Federal, or HBGary? Reading the chat logs from when Penny Leavy was pleading with Anonymous in their IRC channel, she made it clear that HBGary had only invested money in HBGary Federal, that they were separate companies. I haven't heard much about HBGary and was wondering how they were doing compared to HBGary Federal.

Last edited by lorddicranius on Thu Mar 03, 2011 9:58 am, edited 1 time in total.

It seems as though his compromise for usability vs. security met a sad fate. I assume that he set his websites/accounts up thinking that he had no reason to be excessively secure. For a security company, this is unacceptable. Most of us make these common mistakes for the sake of thinking, "It's good enough"... and it usually is... because we're not starting trouble for ourselves with a group known to be successful with disrupting services. I still fail to see what he was trying to accomplish. Even if he was completely secure (in theory), he would still be susceptible to DDoS attacks, which they are known to use, that would disrupt the day-to-day operations of his websites... there really was no 'winning' outcome. His arrogance caused his downfall... and he will have that story to tell for the rest of his life.